On Sunday, Java's owner, Oracle, rushed out an emergency fix for a vulnerability which was being actively exploited by cyber-criminals but it appears that was simply plugging one hole for another to appear almost instantaneously. Security expert Brian Krebs has discovered that another zero-day vulnerability has been discovered and that an exploit taking advantage of the security flaw was already on sale. 

Krebs made the discovery on an exclusive cybercrime forum where an administrator posted a message saying he was willing to sell the exploit to just two lucky buyers, with the price starting at $5,000.

The forum member also said the exploit was not included in any of the other exploit kits available on the market today. Exploit kits, such as Blackhole, are made to automate the exploitation of computers via web browser vulnerabilities and sell for up to $10,000-a-month. Since the message was posted it has been removed from the forum indicating that the sale has been completed.

New Java Security Flaw Uncovered, Exploit on Sale for $5,000